Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ACC's 'Tigris' Access Terminal server security vunerability..

From: pb () TECHNO ORG (Patrik Backstrom)
Date: Mon, 4 Jan 1999 00:15:07 +0100

On Sun, 3 Jan 1999, Robert Thomas wrote:

I have almost daily contact with ACC's technicians, and i'll make sure
they receive the information, first thing tomorrow morning.

For now, a quick workaround is to restrict telnet access to only the hosts
(or networks) which should be allowed access. Also, it's a good idea to
restrict SNMP and HTTP access to the router.

Issue the following commands:

ADD ACCESS ENTRY <network> <netmask> 23 TELNET
ADD ACCESS ENTRY <network> <netmask> 80 HTTP
ADD ACCESS ENTRY <network> <netmask> 0 PUBLIC

Regarding source routing, it's only enabled if you have a source routing
entry for the physical port, like:

ADD SR PORT ENTRY ETHERNET 1 J7.1
SET SR PORT STATE 1 ENABLED

You can easily disable source routing for the port by typing

SET SR PORT STATE <num> DISABLED

To check if you have source routing configuration in the box, type:

SHOW SR

Hope this helps.

/pb

            [ Boycott Microsoft -- http://www.vcnet.com/bms ]
Previous By Date Next
Previous By Thread Next

Current thread: